Cybersecurity Architect - Project Lead

CyKor LLC

Posted today
Secret
Senior Level Career (10+ yrs experience)
Unspecified
Engineering - Systems

CyKor is a fast-growing Technology Solutions Provider to both federal and commercial clients. We attribute our continued growth to our core values, our professional team, and the valuable relationships with our clients. Our small and growing team fosters an environment in which each team member is respected, valued, and appreciated for their contributions.

The Cybersecurity Architect and Practice Lead will own and grow our cybersecurity offerings across federal and DoD missions. This role combines deep technical architecture expertise with practice leadership to define repeatable, high-margin cybersecurity solutions, focusing on SIEM/SOAR modernization, automation, and Zero Trust enablement. The successful candidate will drive technical excellence, mentor engineers, shape proposals, and ensure our solutions are lab-validated and compliant (RMF/ATO/STIG).

Key Responsibilities

· Lead the design, validation, and delivery of cybersecurity architectures for DoD/DHS customers, with primary emphasis on SIEM/SOAR platforms (Splunk, Elastic) and associated automation

· Own the cybersecurity practice roadmap: define offerings, standards, templates, and lab validation paths for SIEM/SOAR modernization, SOAR orchestration, log management, threat hunting, and incident response

· Architect integrated solutions that combine Splunk/Elastic with complementary tools (Forcepoint UAM, ServiceNow SecOps, Mattermost playbooks, Everfox CDS, RedSeal, Corelight, Wiz, Pure Storage)

· Drive automation of security operations (Compliance-as-Code, automated STIG validation, policy enforcement, SOAR playbooks) to reduce manual effort and audit risk

· Serve as technical lead on proposals, RFIs, and customer briefings—translate mission needs into defensible, repeatable architectures

· Mentor and develop cybersecurity engineers; establish repeatable delivery patterns and knowledge artifacts (reference designs, runbooks, playbooks)

· Ensure all solutions meet federal compliance (RMF, ATO, STIG, Zero Trust mandates) and are deployable across IL5/6/7 environments

· Collaborate with Network, Tactical Infrastructure, and Hybrid Cloud practices to deliver unified, mission-ready platforms

Requirements
12+ years of hands-on cybersecurity architecture and engineering experience in federal/DoD environments
Deep expertise in Splunk and Elastic (SIEM, XDR, SOAR, EDR, log management, observability)
Proven ability to design and implement SIEM/SOAR solutions, including correlation rules, dashboards, playbooks, and orchestration workflows
Strong automation background: scripting (Python, Ansible), Compliance-as-Code, Infrastructure-as-Code (Terraform), and SOAR automation
Experience integrating SIEM/SOAR with endpoint (Elastic EDR, Forcepoint UAM), network visibility (Corelight, RedSeal), cloud vulnerability (Wiz), and storage/forensics (Pure Storage, Snare)
Minimum of an active Secret clearance

Required Certifications:
CISSP (or equivalent)
Splunk Certified Architect/Power User

Preferred Qualifications
Experience leading cybersecurity practices or teams in federal services integrators
Familiarity with DoD Zero Trust Reference Architecture (pillars: User, Device, Network, Workload, Data, Visibility, Automation)
Hands-on with cross-domain solutions (Everfox CDS, Forcepoint UAM) for IL5/6/7
Prior work on Navy/DHS programs (e.g., CANES, USCG, NIWC, NAVWAR)
Experience with tactical/edge cybersecurity (forward-deployed, contested environments)
Elastic Certified Engineer / Security Analyst certification
GIAC GCIA, GCIH, GCFA, or similar certification